Andrew G. Stanton - Thursday, May 7, 2026

Today something happened in Continuum that I genuinely do not think most people in Nostr-land have fully realized yet.

And the strange thing is:

I probably would not have realized it either if I had not first implemented:

• PGP identities
• then Bitcoin signing identities
• before finally arriving at Nostr artifact attestations.

The order mattered.

That is important.

If I had started directly with “Nostr artifact attestations,” I probably would have unconsciously kept trying to force the concept back into the shape of a Nostr event.

Because that is how almost everyone thinks about Nostr keys.

Nostr private key: → signs Nostr events → publishes to relays → social protocol identity

But once I had already implemented:

• detached PGP signatures
• detached Bitcoin artifact proofs

my brain was already operating in a different conceptual framework.

The key realization became:

A private key is fundamentally a signing authority.

Everything else is protocol semantics layered on top.

That sounds obvious in hindsight.

But I honestly do not think many people are thinking this way.

Most systems tightly couple:

• signing
• transport
• publishing
• protocol structure

into one conceptual object.

Continuum has been intentionally separating those concepts for a long time.

That separation is what made this realization possible.

Continuum’s architecture already assumes:

• signing is local
• publishing is separate
• authorship exists before distribution
• drafts can exist offline
• signed artifacts can exist without publication

Once you accept that model, a Nostr private key suddenly stops looking like merely:

“the thing that signs kind events.”

Instead it becomes:

A generalized Schnorr signing authority.

And once that clicked, the implementation became straightforward.

I added support for:

artifact.pdf.nostr-proof.json

The proof contains:

• artifact SHA256
• npub
• pubkey
• canonical message
• message hash
• Schnorr signature
• timestamp

Importantly:

This is NOT a Nostr event.

No kind. No relay. No publication. No event ID.

The Nostr private key is simply being used to sign a canonical message describing an external artifact.

That distinction is absolutely critical.

Because it expands the conceptual role of a Nostr identity dramatically.

A Nostr key can now:

• sign relay events
• authenticate challenge-response flows
• attest to external artifacts
• verify authorship
• prove authority offline

without being restricted to relay publishing.

And I think this is precisely the kind of idea that becomes difficult to see if signing and publishing remain tightly coupled together.

Most Nostr clients are fundamentally publishing tools.

Continuum has increasingly become:

A local-first signing workspace.

That difference sounds subtle.

It is not.

It changes the entire architecture.

The artifact signing flow tonight made that very clear.

A PDF can now be accompanied by:

• detached PGP signature
• Bitcoin proof JSON
• Nostr proof JSON

all generated locally.

The proofs themselves are public.

That is another fascinating aspect.

The JSON proof files can be shared publicly without exposing any private signing authority.

That means:

• verification becomes portable
• proof becomes distributable
• authority remains local

That is a radically different trust model from most web infrastructure.

Most modern systems assume:

• hosted identity
• OAuth providers
• platform mediation
• centralized verification

But cryptographic signatures invert the trust relationship.

The verifier no longer needs to trust the platform.

They only need:

• the proof
• the public verification material
• the artifact

That is all.

And once I realized the Nostr private key could participate in that same generalized signing model, another realization followed almost immediately:

The exact same abstraction applies to authentication.

A challenge-response flow becomes:

challenge → sign → verify

The signing backend becomes interchangeable:

• PGP
• Bitcoin
• Nostr
• SSH

The protocol changes. The cryptography changes. The UX changes.

But the underlying primitive remains the same.

That is where Continuum is becoming very interesting to me.

It is not merely adding “support for more identities.”

It is beginning to unify multiple cryptographic ecosystems under one coherent local-first signing model.

And the irony is:

The breakthrough with Nostr only became visible after implementing the other identity systems first.

Because the moment I stopped thinking:

“Nostr keys sign Nostr events”

and started thinking:

“Nostr keys are generalized Schnorr signing authorities”

an entirely new design space opened up.

I honestly do not think we have explored even 10% of the implications yet.